NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2005-08

php-general Digest 22 Aug 2005 23:01:59 -0000 Issue 3640

php-general-digest-helplists.php.net
Date: Mon Aug 22 2005 - 18:01:59 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 22 Aug 2005 23:01:59 -0000 Issue 3640

Topics (messages 221074 through 221127):

Re: imap_open hangs...
221074 by: Michael Baas

Re: Looking for CMS advice
221075 by: Shafiq Rehman
221111 by: Esteamedpw.aol.com

Re: Problem between php4.4 and mysql
221076 by: Alex Scott

Re: php vulnerability
        221077 by: Rory Browne
        221082 by: Ryan A
        221098 by: Rory Browne
        221100 by: Chris Martin

imagecreatefromstring
221078 by: Ross
221079 by: Jay Blanchard

Updating Multiple rows with Combo Box!
        221080 by: Rahul S. Johari
        221081 by: Jay Blanchard
        221084 by: Rahul S. Johari
        221085 by: Jay Blanchard
        221087 by: Rahul S. Johari
        221089 by: Jay Blanchard

Special HTML characters question.
        221083 by: Jay Paulson
        221086 by: Jay Blanchard
        221092 by: Jay Paulson
        221093 by: Jay Paulson
        221094 by: Shafiq Rehman
        221095 by: Jordan Miller

Re: build sql query struture and values from form fields
221088 by: Jordan Miller

Re: how to know when a php library is installed
221090 by: Miguel Guirao

Re: [PHP-DEV] 5.0.5 download URL
221091 by: Edin Kadribasic

Load testing
221096 by: Chris Boget
221097 by: Robin Vickery

Re: preg_match
221099 by: Robin Vickery

Re: error while running com
221101 by: mikespook
221102 by: tg-php.gryffyndevelopment.com

session_start(), Pragma and Cache-control headers
221103 by: Kim Steinhaug $php list$
221117 by: Kim Steinhaug $php list$

Problem appending values to an object
221104 by: David Pollack

Re: PHP vs. ColdFusion
        221105 by: Rick Emery
        221106 by: Jay Blanchard
        221107 by: Robert Cummings
        221108 by: Robert Cummings
        221109 by: Robert Cummings
        221113 by: Jay Paulson
        221120 by: Dan Baker
        221121 by: Jay Blanchard

Re: Updating Multiple rows with Combo Box! *SOLVED*
221110 by: Rahul S. Johari

Files passing through
        221112 by: Evert | Rooftop
        221123 by: Kevin Waterson
        221125 by: Philip Hallstrom
        221127 by: Kevin Waterson

Re: PHP Printing Error Help
221114 by: Chirantan Ghosh

AJAX coding and Sesisons
221115 by: Bret Walker
221118 by: Kim Steinhaug $php list$

[NEWBIE GUIDE] For the benefit of new members
221116 by: Jay Blanchard

Re: Hardware Detection
221119 by: Rory Browne

Re: Resizing thumbnails to the browser
        221122 by: Dan Trainor
        221124 by: Jasper Bryant-Greene
        221126 by: Dan Trainor

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

> Thanks Buran,

..and apologies for mis-spelling your name, Burhan ;)

Michael

attached mail follows:

Hey Michael,

Visit the site for excellent open source CMS http://www.ez.no

Regards
--
*** phpgurru.com <http://phpgurru.com> [A php resource provider] ***

\\\|///
\\ - - //
( ) PHP is too logical for my brain
+---oOOo-(_)-oOOo------------------------------------------+
| Mian Shafiq ur Rehman
| phpgurru.com <http://phpgurru.com> [A php resource provider]
| 107 B, New Town, Multan Road
| Lahore Pakistan
|
| Mobile: 0300 423 9385
|
| ooo0 http://www.phpgurru.com
| ( ) 0ooo E-Mail: rehmanmsgmail.com
+---\ (----( )------------------------------------------+
\_) ) /
(_/

attached mail follows:

>"the CMS formerly known as Mambo"

Yeah, I was reading about that last night... Interesting stuff lol
Interesting future ahead as well.

- Clint

attached mail follows:

Thanks for all your help.

Problem was that Up2date had installed php 4.3.2 onto our server and
compiled no support for MySQL
into Apache.

I was getting no error messages, so it was only when I saw phpinfo()
that I realised that the version had changed.

Alex.

On Mon, 22 Aug 2005 10:55:06 +1200, "Jasper Bryant-Greene"
<jasperbryant-greene.name> said:
> M. Sokolewicz wrote:
> > Jasper Bryant-Greene wrote:
> >>
> >> Well, it's hard to say without a bit more detail. Are you able to give
> >> us the actual error that PHP is giving on the database connected pages?
> >>
> >> I assume you are using the mysqli functions rather than the mysql
> >> functions to access your database?
> >
> > just in case you didn't know, mysqli wasn't available before PHP 5.0.0.
> > The user states to be using PHP 4.4.x
> >
>
> Apologies, didn't read his email properly. In that case, do you have
> MySQL set up to accept old passwords? The password-hashing function
> changed with MySQL 4.1, and the mysql PHP function uses the old function.
>
> >> Please remember to send replies to the list, there are other far more
> >> knowledgeable people out there who will be able to help too!
>
> Again, *please* send replies to the list as well, not just me!
>
> Jasper
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

attached mail follows:

On 8/22/05, Shafiq Rehman <rehmanmsgmail.com> wrote:
> Hi all,
>
> Thanx to all of you. My server is running on Linux and there is not any
> phpbb running on it. If vulnerability is in my code.. Is there any way that
> I can find the buggy code on my server which allowed that trojan to write
> into all the index files.

There is not hard and fast method of finding vulnerabilities. That
would make crackers(as well as admins) jobs too easy. What you can do,
is read up on some PHP security tips, including but NOT LIMITED TO
error_reporting(E_ALL), initialising all variables, not trusting form
input, etc.

If you don't have the ability to do this yourself, you can hire
someone to do a code audit for you. Chris Shiflett (brainbulb.com) I
believe provides this service.

>
> I analyzed the apache logs but did not found any thing wrong. My server is
> protected with firewar and only port 80 is opened.
>
> Thanx
> --
> *** phpgurru.com <http://phpgurru.com> [A php resource provider] ***
>
> \\\|///
> \\ - - //
> ( ) PHP is too logical for my brain
> +---oOOo-(_)-oOOo------------------------------------------+
> | Mian Shafiq ur Rehman
> | phpgurru.com <http://phpgurru.com> [A php resource provider]
> | 107 B, New Town, Multan Road
> | Lahore Pakistan
> |
> | Mobile: 0300 423 9385
> |
> | ooo0 http://www.phpgurru.com
> | ( ) 0ooo E-Mail: rehmanmsgmail.com
> +---\ (----( )------------------------------------------+
> \_) ) /
> (_/
>
> On 8/22/05, Torgny Bjers <torgnyxorcode.com> wrote:
> >
> > Shafiq Rehman wrote:
> > > My server was hacked last week and the message displayed on home page
> > was
> > > "spy kidz owns your server". I researched on internet and found that
> > this is
> > > some kind of trojan which infects the *.index files. It penetrate from
> > HTTP.
> > > Some paople were saying that there is vulnerability in PHP. Please help
> > how
> > > can I protect my server from further attacks.
> >
> > Hello Shafiq,
> >
> > One very common culprit in this scenario would be phpBB, especially
> > older versions, and if you are running PHP without safe_mode and
> > include_path directives, a script could very well overwrite every
> > world-writable (or web server writable) file on your entire server.
> > Happened to us once after a client had been running an old phpBB
> > version. We now have a set of scripts in place that scan our servers for
> > vulnerable scripts, phpBB among those, and alerts us when they're found
> > in a client's home directory.
> >
> > So, to protect your server: turn on safe_mode. If clients (if you have
> > clients on the machine) request safe_mode to be turned off, you can do
> > that manually in httpd.conf for Apache (not sure about IIS on Windows).
> > Also, using hard include paths in the httpd.conf for each virtual host
> > will prevent the scripts running on a site from including/touching files
> > that are outside said paths unless they manage to run a shell with a PHP
> > script that can be activated without using php.ini, which might in this
> > case be another security hole.
> >
> > Regards,
> > Torgny
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>

attached mail follows:

<snip>
> If you
> don't have the ability to do this yourself, you can hire
> someone to do a code audit for you. Chris Shiflett (brainbulb.com) I
> believe provides this service.
</snip>

Chris is a dude who has helped me and a lot of others dozens of times on
this list as he
is a regular contributer to this list, he really knows his stuff...if you
decide
to go with him you'll be getting your money's worth for sure.

If you cant afford to hire him, he has some really good security articles on
his site that you
may want to start on...

Cheers,
Ryan

NOTE: I dont make anything if you go with Chris or not...am not connected
to him/his site in any way
and i dont get anything for plugging him/his site either :-)

attached mail follows:

On 8/22/05, Ryan A <ryancoinpass.com> wrote:
>
> <snip>
> > If you
> > don't have the ability to do this yourself, you can hire
> > someone to do a code audit for you. Chris Shiflett (brainbulb.com) I
> > believe provides this service.
> </snip>
>
> Chris is a dude who has helped me and a lot of others dozens of times on
> this list as he
> is a regular contributer to this list, he really knows his stuff...if you
> decide
> to go with him you'll be getting your money's worth for sure.
>
> If you cant afford to hire him, he has some really good security articles on
> his site that you
> may want to start on...
>
> Cheers,
> Ryan
>
> NOTE: I dont make anything if you go with Chris or not...am not connected
> to him/his site in any way
> and i dont get anything for plugging him/his site either :-)

And for the record, netither do I. I just know from talking to him,
and reading his posts on this list, that he is a professional.

>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

You might also scan your machine (and/or network) with something such
as nessus, or another vulnerability scanner

Chris Martin
Web Developer
Open Source & Web Standards Advocate
http://www.chriscodes.com/

attached mail follows:

Hi,

i am trying this out of curiosity and get sme errors

My gd extension is set up in the correct folder.

This is my script

header("Content-type: image/png");
$string = 'hello';
$im = imagecreatefrompng("images/button1.png");
$orange = imagecolorallocate($im, 220, 210, 60);
$px = (imagesx($im) - 7.5 * strlen($string)) / 2;
imagestring($im, 3, $px, 9, $string, $orange);
imagepng($im);
imagedestroy($im);

Warning: imagecreatefrompng(images/button1.png)
[function.imagecreatefrompng]: failed to open stream: No such file or
directory in c:\Inetpub\wwwroot\blue-fly\contact.php on line 7

Warning: imagecolorallocate(): supplied argument is not a valid Image
resource in c:\Inetpub\wwwroot\blue-fly\contact.php on line 8

Warning: imagesx(): supplied argument is not a valid Image resource in
c:\Inetpub\wwwroot\blue-fly\contact.php on line 9

Warning: imagestring(): supplied argument is not a valid Image resource in
c:\Inetpub\wwwroot\blue-fly\contact.php on line 10

Warning: imagepng(): supplied argument is not a valid Image resource in
c:\Inetpub\wwwroot\blue-fly\contact.php on line 11

Warning: imagedestroy(): supplied argument is not a valid Image resource in
c:\Inetpub\wwwroot\blue-fly\contact.php on line 12

attached mail follows:

[snip]
This is my script

try placing the full path to button1.png in the arguement for the
function

attached mail follows:

Ave,

I have a table with one of the fields ³hired² having either of 3 values:
YES, NO, NULL
My application provides the administrator with all the records in the table
and I need to give him the ability to change the status of ³hired² to either
of the three values.

Previously I was using a Checkbox to update multiple rows using something
like this:

echo "<INPUT name=\"hired[]\" type=checkbox
value=".$row_tjContactFormData['ID'].">";

And running this SQL query to update all the rows which had a checked Check
Box:

        for($i=0;$i<count($thisID);$i++) {
        $sql = "UPDATE contactdata SET hired='YES' WHERE ID='$thisID[$i]'";
        $result = mysql_query($sql) or DIE("Fatal Error: ".mysql_error());

I would display the rows with YES and NO as static records on the page,
those records with NULL would appear with a checkbox, which when Checked
would update the status to YES or left unchecked would change the status to
NO, when the form was submitted.

I need to change this application to allow the administrator to change the
status of any record to either of the three at any time. Thus, what I want
to give him is a Select list in each row, with three values, YES, NO and ON
HOLD. Where selecting YES would change the hired field value to YES, NO
would change it to NO, and ON HOLD would change it to NULL.

I¹ve tried a lot of different logical statements but it¹s not working out.
I¹m able to display the Combo Box in each row with the 3 values
corresponding to what already exists in the database, like this:

But none of my Queries are working. What I want to do is, when the form is
submitted, it should just simply update the Œhired¹ field with whatever
value has been selected for that row in the Combo Box.

Any help appreciated.

Thanks,

Rahul S. Johari
Coordinator, Internet & Administration
Informed Marketing Services Inc.
251 River Street
Troy, NY 12180

Tel: (518) 266-0909 x154
Fax: (518) 266-0909
Email: rahulinformed-sources.com
http://www.informed-sources.com

attached mail follows:

[snip]
          <input type="hidden" name="thisID" value="<?php echo
$row_tjContactFormData['ID']; ?>">
          <SELECT name="hired">
          <option value="YES" <?php
if($row_tjContactFormData['hired']=="YES") { echo "Selected"; }
?>>YES</option>
          <option value="NO" <?php if($row_tjContactFormData['hired']=="NO")
{ echo "Selected"; } ?>>NO</option>
          <option value="NULL" <?php
if($row_tjContactFormData['hired']==NULL) { echo "Selected"; } ?>>On
Hold</option>
          </SELECT>

Can you post the query you are using?

attached mail follows:

Ave,

I guess the last query I tried was simply updating the database with the
value of the Hired form field:

$sql = "UPDATE contactdata SET hired='$hired' WHERE ID='$thisID'";
$result = mysql_query($sql) or DIE("Fatal Error: ".mysql_error());

I've tried using an array and running the query in a loop... Everything
seems to just set the Hired field to "NO" for all records/rows, in the
database, or not change anything at all!

Thanks.

On 8/22/05 9:27 AM, "Jay Blanchard" <jay.blanchardniicommunications.com>
wrote:

> [snip]
> <input type="hidden" name="thisID" value="<?php echo
> $row_tjContactFormData['ID']; ?>">
> <SELECT name="hired">
> <option value="YES" <?php
> if($row_tjContactFormData['hired']=="YES") { echo "Selected"; }
> ?>>YES</option>
> <option value="NO" <?php if($row_tjContactFormData['hired']=="NO")
> { echo "Selected"; } ?>>NO</option>
> <option value="NULL" <?php
> if($row_tjContactFormData['hired']==NULL) { echo "Selected"; } ?>>On
> Hold</option>
> </SELECT>
>
> But none of my Queries are working. What I want to do is, when the form is
> submitted, it should just simply update the Å’hiredÂ¹ field with whatever
> value has been selected for that row in the Combo Box.
> [/snip]
>
> Can you post the query you are using?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Rahul S. Johari
Coordinator, Internet & Administration
Informed Marketing Services Inc.
251 River Street
Troy, NY 12180

Tel: (518) 266-0909 x154
Fax: (518) 266-0909
Email: rahulinformed-sources.com
http://www.informed-sources.com

attached mail follows:

[snip]
I guess the last query I tried was simply updating the database with the
value of the Hired form field:

> <input type="hidden" name="thisID" value="<?php echo
> $row_tjContactFormData['ID']; ?>">
[/snip]

Have you echoed out the query to see that it is correct? Do you have
register_globals ON? If not you need to use the $_GET or $_POST array
depending on the form method....

$sql = "UPDATE contactdata SET hired= '".$_POST['hired']."' WHERE
ID='".$_POST['thisID']."' ";

attached mail follows:

Ave,

register_globals are On.
I think the problem lies in the fact that I'm trying to update multiple rows
in the table, I'm not sure that my query with the UPDATE statement is
updating all the rows with what is being set in the value of the Form Field.

I'm not sure.

On 8/22/05 9:39 AM, "Jay Blanchard" <jay.blanchardniicommunications.com>
wrote:

> [snip]
> I guess the last query I tried was simply updating the database with the
> value of the Hired form field:
>
> $sql = "UPDATE contactdata SET hired='$hired' WHERE ID='$thisID'";
> $result = mysql_query($sql) or DIE("Fatal Error: ".mysql_error());
>
> I've tried using an array and running the query in a loop... Everything
> seems to just set the Hired field to "NO" for all records/rows, in the
> database, or not change anything at all!
>
>> <input type="hidden" name="thisID" value="<?php echo
>> $row_tjContactFormData['ID']; ?>">
> [/snip]
>
> Have you echoed out the query to see that it is correct? Do you have
> register_globals ON? If not you need to use the $_GET or $_POST array
> depending on the form method....
>
> $sql = "UPDATE contactdata SET hired= '".$_POST['hired']."' WHERE
> ID='".$_POST['thisID']."' ";

Rahul S. Johari
Coordinator, Internet & Administration
Informed Marketing Services Inc.
251 River Street
Troy, NY 12180

Tel: (518) 266-0909 x154
Fax: (518) 266-0909
Email: rahulinformed-sources.com
http://www.informed-sources.com

attached mail follows:

[snip]
register_globals are On.
I think the problem lies in the fact that I'm trying to update multiple
rows
in the table, I'm not sure that my query with the UPDATE statement is
updating all the rows with what is being set in the value of the Form
Field.

I'm not sure.
[/snip]

Echo the query before you run it to make sure that the values are what
you expect...

attached mail follows:

I have a problem that I'm sure some of you have run into before,
therefore I hope you all know of an easy solution. Some of my users
are cutting and pasting text from Word into text fields that are being
saved into a database then from that database being displayed on a web
page. The problem occurs when some special characters are being used.
Double quotes, single quotes, and other characters like accents etc
have the special html code like &quote; etc replacing the special
characters. What methods are being used to combat this issue? Is
there a solution out there to run text through some sort of filter
before submitting it to the database to look for these special
characters and then replacing them?

Thanks for any help,
Jay

attached mail follows:

[snip]
I have a problem that I'm sure some of you have run into before,
therefore I hope you all know of an easy solution. Some of my users
are cutting and pasting text from Word into text fields that are being
saved into a database then from that database being displayed on a web
page. The problem occurs when some special characters are being used.
Double quotes, single quotes, and other characters like accents etc
have the special html code like &quote; etc replacing the special
characters. What methods are being used to combat this issue? Is
there a solution out there to run text through some sort of filter
before submitting it to the database to look for these special
characters and then replacing them?
[/snip]

Start here http://www.php.net/htmlentities . You can also use any number
of REGEX functions for replacing them http://www.php.net/regex

attached mail follows:

Thanks for the reply.

I would imagine there are a lot of special html characters that would
need to be changed using regex. Therefore, spending my time making a
regex to find a replace each one of them isn't a good way to spend my
time or even if I did go that route I'm sure it's uses too much system
resources to search for and replace all the characters. The reason I
say that is what if a user does a search on the database and the
database is filled with all these special characters. Sure I could
htmlspecialchars() the string that is passed to the search and then run
the sql to the DB for the query. However, does htmlspecialchars()
account for all special characters? Then you have to account for the
extra space the htmlspecialchars() is going to put in your DB and other
issues that might arise from that.

Does anyone know the common practice for this? Or is it just
preference?

Thanks,
jay

On Aug 22, 2005, at 8:42 AM, Jay Blanchard wrote:

> [snip]
> I have a problem that I'm sure some of you have run into before,
> therefore I hope you all know of an easy solution. Some of my users
> are cutting and pasting text from Word into text fields that are being
> saved into a database then from that database being displayed on a web
> page. The problem occurs when some special characters are being used.
> Double quotes, single quotes, and other characters like accents etc
> have the special html code like &quote; etc replacing the special
> characters. What methods are being used to combat this issue? Is
> there a solution out there to run text through some sort of filter
> before submitting it to the database to look for these special
> characters and then replacing them?
> [/snip]
>
> Start here http://www.php.net/htmlentities . You can also use any
> number
> of REGEX functions for replacing them http://www.php.net/regex
>
>

attached mail follows:

> by the way, you probably don't want to do the conversion *inbound* to
> the database. rather, store the original and do the conversion outbound
> - specific and appropriate for the output display.
>
> if you do it inbound you'll have the html encodings (rather than the
> actual ("special") characters) stored in your database. then, if you
> have need to do output as say plain text (as opposed to html) you'll
> have to unconvert the encodings.

Totally understand this and agree with you 100% However,

> what you may want to do inbound is to convert os/application-specific
> characters, e.g., smart quotes, to more standard representations.

wouldn't this be a headache? Considering I don't know what OS my users
are going to be using?

Ack! I hate dilemmas. :)

Thanks for the reply!

>
>
> ------------ Original Message ------------
>> Date: Monday, August 22, 2005 08:42:14 AM -0500
>> From: Jay Blanchard <jay.blanchardniicommunications.com>
>> To: Jay Paulson <jpaulsonsedl.org>, php-generallists.php.net
>> Subject: RE: [PHP] Special HTML characters question.
>>
>> [snip]
>> I have a problem that I'm sure some of you have run into before,
>> therefore I hope you all know of an easy solution. Some of my users
>> are cutting and pasting text from Word into text fields that are being
>> saved into a database then from that database being displayed on a web
>> page. The problem occurs when some special characters are being used.
>> Double quotes, single quotes, and other characters like accents etc
>> have the special html code like &quote; etc replacing the special
>> characters. What methods are being used to combat this issue? Is
>> there a solution out there to run text through some sort of filter
>> before submitting it to the database to look for these special
>> characters and then replacing them?
>> [/snip]
>>
>> Start here http://www.php.net/htmlentities . You can also use any
>> number of REGEX functions for replacing them http://www.php.net/regex
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>

attached mail follows:

Hi,

Here are two routines for your problem.

function displaytextData($variable){
$variable =
eregi_replace(""",'"',eregi_replace("&","&",eregi_replace("<","<",eregi_replace(">",">",htmlentities2($variable)))));
$variable = trim($variable);
return $variable;
}

Hopefully this will help a lot... Enjoy... ;)
--
*** phpgurru.com <http://phpgurru.com> [A php resource provider] ***

attached mail follows:

Did you try html_entity_decode?
http://us2.php.net/html_entity_decode

You may want to combine this with mysql_real_escape_string()...?

Jordan

On Aug 22, 2005, at 8:29 AM, Jay Paulson wrote:

> I have a problem that I'm sure some of you have run into before,
> therefore I hope you all know of an easy solution. Some of my
> users are cutting and pasting text from Word into text fields that
> are being saved into a database then from that database being
> displayed on a web page. The problem occurs when some special
> characters are being used. Double quotes, single quotes, and other
> characters like accents etc have the special html code like &quote;
> etc replacing the special characters. What methods are being used
> to combat this issue? Is there a solution out there to run text
> through some sort of filter before submitting it to the database to
> look for these special characters and then replacing them?
>
> Thanks for any help,
> Jay
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>

attached mail follows:

I agree, you must be careful of SQL injection... use
mysql_real_escape_string().

To chop off the last character of text use substr():
$sqlstruct = substr($sqlstruct, 0, -1);

Jordan

http://www.php.net/substr
Example 3. Using a negative length

<?php
$rest = substr("abcdef", 0, -1); // returns "abcde"
$rest = substr("abcdef", 2, -1); // returns "cde"
$rest = substr("abcdef", 4, -4); // returns ""
$rest = substr("abcdef", -3, -1); // returns "de"
?>

On Aug 20, 2005, at 4:55 PM, Greg Donald wrote:

> On 8/20/05, Andras Kende <andraskende.com> wrote:
>
>> I would like to create the mysql insert query for my html form
>> fields,
>> I have a small problem it will have an extra , at the end of
>> $sqlstruct
>> And extra "" at $sqldata..
>>
>> Anyone can give a hint ?
>>
>> ////////////
>> foreach ($_POST as $variable=>$value){
>> $sqlstruct.=$variable",";
>> $sqldata.=$value."\"','\"";
>> }
>>
>> $query="insert into db ($sqlstruct) VALUES ($sqldata)";
>>
>
> $k = implode( ',', array_keys( $_POST ) );
> $v = implode( ',', array_values( $_POST ) );
>
> $sql = "INSERT INTO db ( $k ) VALUES ( $v )";
>
> I'd never do something like this though, just begs for SQL injection.
>
>
> --
> Greg Donald
> Zend Certified Engineer
> MySQL Core Certification
> http://destiney.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>

attached mail follows:

Or phpinfo()

-----Original Message-----
From: Greg Donald [mailto:destineygmail.com]
Sent: Domingo, 21 de Agosto de 2005 06:15 a.m.
To: php-generallists.php.net
Subject: Re: [PHP] how to know when a php library is installed

On 8/21/05, Lizet Pena de Sola <lizettheniceweb.com> wrote:
> I need to test whether a library is installed with php or not.

extension_loaded();

--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/

Este mensaje es exclusivamente para el uso de la persona o entidad a quien esta dirigido; contiene informacion estrictamente confidencial y legalmente protegida, cuya divulgacion es sancionada por la ley. Si el lector de este mensaje no es a quien esta dirigido, ni se trata del empleado o agente responsable de esta informacion, se le notifica por medio del presente, que su reproduccion y distribucion, esta estrictamente prohibida. Si Usted recibio este comunicado por error, favor de notificarlo inmediatamente al remitente y destruir el mensaje. Todas las opiniones contenidas en este mail son propias del autor del mensaje y no necesariamente coinciden con las de Radiomovil Dipsa, S.A. de C.V. o alguna de sus empresas controladas, controladoras, afiliadas y subsidiarias. Este mensaje intencionalmente no contiene acentos.

This message is for the sole use of the person or entity to whom it is being sent. Therefore, it contains strictly confidential and legally protected material whose disclosure is subject to penalty by law. If the person reading this message is not the one to whom it is being sent and/or is not an employee or the responsible agent for this information, this person is herein notified that any unauthorized dissemination, distribution or copying of the materials included in this facsimile is strictly prohibited. If you received this document by mistake please notify immediately to the subscriber and destroy the message. Any opinions contained in this e-mail are those of the author of the message and do not necessarily coincide with those of Radiomovil Dipsa, S.A. de C.V. or any of its control, controlled, affiliates and subsidiaries companies. No part of this message or attachments may be used or reproduced in any manner whatsoever.

attached mail follows:

The Windows binaries are available at:

http://downloads.php.net/edink/php-5.0.5RC1-Win32.zip
http://downloads.php.net/edink/pecl-5.0.5RC1-Win32.zip

Edin

Zeev Suraski wrote:
> By popular demand, you can now get these binaries at
> http://downloads.php.net/zeev/php-5.0.5RC1.tar.gz
> http://downloads.php.net/zeev/php-5.0.5RC1.tar.bz2
>
> as well.
>

attached mail follows:

What do you guys use for load testing forms? I've just been opening
seperate
windows, navigating to the form, filling out the form on all windows and
hitting
the submit button at the same time. After about 15 or so windows, it
starts to
become a bit cumbersom. Do you guys load test? What do you use?

thnx,
Chris

attached mail follows:

On 8/22/05, Chris Boget <chris.bogetwild.net> wrote:
> What do you guys use for load testing forms? I've just been opening
> seperate
> windows, navigating to the form, filling out the form on all windows and
> hitting
> the submit button at the same time. After about 15 or so windows, it
> starts to
> become a bit cumbersom. Do you guys load test? What do you use?

One of the easiest ways is to use the ab benchmarking tool that comes
free with apache:

ab -n 10000 -c 30 -p post.data http://www.example.com/form.php

Sends 10,000 requests to the form, thirty at a time, using the form
values held in the file post.data.

It'll give you output like this:

Server Software: Apache/2.0.53
Server Hostname: www.example.com
Server Port: 80

Document Path: /form.php
Document Length: 2 bytes

Concurrency Level: 30
Time taken for tests: 5.135291 seconds
Complete requests: 10000
Failed requests: 0
Write errors: 0
Total transferred: 2292519 bytes
Total POSTed: 1743654
HTML transferred: 20022 bytes
Requests per second: 1947.31 [#/sec] (mean)
Time per request: 15.406 [ms] (mean)
Time per request: 0.514 [ms] (mean, across all concurrent requests)
Transfer rate: 435.81 [Kbytes/sec] received
331.59 kb/s sent
767.55 kb/s total

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 3 4.2 3 45
Processing: 5 10 6.4 10 73
Waiting: 4 8 6.1 7 73
Total: 11 14 6.7 13 73

Percentage of the requests served within a certain time (ms)
  50% 13
  66% 13
  75% 13
  80% 13
  90% 14
  95% 16
  98% 50
  99% 51
100% 73 (longest request)

attached mail follows:

On 8/22/05, Richard Lynch <ceol-i-e.com> wrote:
> On Sat, August 20, 2005 5:00 am, John Nichel wrote:
> > Personally, I have never used \\ in PCRE when looking for things like
> > spaces (\s), word boundraries (\b), etc. and it's all worked out fine.
>
> Personally, {
> I
> } have
> never {
> used
> proper
> indenting
> in
> my
> code } and
> it's
> all
> worked
> out
> fine;
>
> :-)

Unnecessary backslashes make your regular expressions almost as
unreadable as those indents.

You only ever need to escape a backslash in single-quotes if it's
before another backslash or a single-quote.

In fact the manual itself explicitly says this:

http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.single

So what benefit exactly do you see in doubling up all the backslashes
in a single-quoted regexp? It's certainly not helping readability, and
they don't actually do anything...

-robin

attached mail follows:

Could u show me ur source code?

""sangram"" <sangrampacificinteractive.co.in>
??????:2205.221.128.138.123.1124551935.squirrelweb80.linux-hosting.com...
> Hi,
> i had uploaded the com application on win2003 server with word 2003
> installed.It runs perfect The traffic of word files increases or other
> reasons the following message starts displaying.
>
> Warning: (null)(): Unable to obtain IDispatch interface for CLSID
> {000209FF-0000-0000-C000-000000000046}: Server execution failed in
> c:\inetpub\wwwroot\localuser\sound1007\www\com.php on line 15
> Unable to instanciate Word
>
>
> If the server is rebooted again the application starts without errors.
> Pls help me what will be the problem.
> Sangram.

attached mail follows:

Showing your code might be useful but taking a shot in the dark here, I'm guessing that after a while, you have too many instances of Word still instantiated.

I remember there being an issue when using COM where the application wouldn't quit properly.

Try using $appinst->Quit() as well as $appinst->Close() (I think that's right)

If you look at your Windows Task Manager, I'm guessing that you'll see an Word app still running even after you thought it had closed.

I'm pretty sure Quit() was one method to call and I think Close() was the other one. Don't remember if you have to do one THEN the other (and don't remember which order.. sorry) or if one works while the other only sort-of works.

Anyway, check into that. I'm pretty sure that may help you.

-TG

= = = Original message = = =

Could u show me ur source code?

""sangram"" <sangrampacificinteractive.co.in>
??????:2205.221.128.138.123.1124551935.squirrelweb80.linux-hosting.com...
> Hi,
> i had uploaded the com application on win2003 server with word 2003
> installed.It runs perfect The traffic of word files increases or other
> reasons the following message starts displaying.
>
> Warning: (null)(): Unable to obtain IDispatch interface for CLSID
> 000209FF-0000-0000-C000-000000000046: Server execution failed in
> c:\inetpub\wwwroot\localuser\sound1007\www\com.php on line 15
> Unable to instanciate Word
>
>
> If the server is rebooted again the application starts without errors.
> Pls help me what will be the problem.
> Sangram.

___________________________________________________________
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

attached mail follows:

Hello,

I'm working on a downbload script which serves M3U
files (Winamp playlist files) through a PHP file
like this :

somepath/download.m3u.php?id=2

Then in the PHP script I generate the M3U file, and
serve up the headers I want. Swell so far, but a
little problem appears.

The downloads are for members only, and therefor I
need to check if the user is logged in, I do this by
sessions and therefore I add a session_start() at the
start of my file. When I do this some headers are
added to the file, namely :

Set-Cookie: PHPSESSID=xxx; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache

Theese headers are not needed, and I dont want them
either, exept I cant seem to get rid of them since I
need the session_start() in the beginning of the file.

Sure, I could wish for a function unset_potensial_header(pragma);

I guess there are no way to remove theese unwanted headers?
Yesterday I had to give up another problem, but luckily I
found the answer here : http://bugs.php.net/bug.php?id=33057

So to sum it up :
How can I remove the Cache-Control and Pragma headers?

And Im not looking for this answer :
header('Pragma: ');
header('Cache-control: ');

The headers are still sendt, exept they are empty, doesnt look
like a nice sollution for a production environment.

Kind regards,
Kim Steinhaug
- - - - - - - - -
www.steinhaug.com

attached mail follows:

I solved the problem after a while, seems it had been
reacently debated in the bug pages within php, to remove
headers which are added by the session_start(); you can
add the following :

ini_set('session.use_cookies', false);
session_cache_limiter('');

Kind regards,
Kim Steinhaug
- - - - - - - - -
www.steinhaug.com

----- Original Message -----
From: "Kim Steinhaug (php list)" <phpliststeinhaug.no>
To: <php-generallists.php.net>
Sent: Monday, August 22, 2005 7:01 PM
Subject: [PHP] session_start(), Pragma and Cache-control headers

> Hello,
>
> I'm working on a downbload script which serves M3U
> files (Winamp playlist files) through a PHP file
> like this :
>
> somepath/download.m3u.php?id=2
>
> Then in the PHP script I generate the M3U file, and
> serve up the headers I want. Swell so far, but a
> little problem appears.
>
> The downloads are for members only, and therefor I
> need to check if the user is logged in, I do this by
> sessions and therefore I add a session_start() at the
> start of my file. When I do this some headers are
> added to the file, namely :
>
> Set-Cookie: PHPSESSID=xxx; path=/
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
> Pragma: no-cache
>
> Theese headers are not needed, and I dont want them
> either, exept I cant seem to get rid of them since I
> need the session_start() in the beginning of the file.
>
> Sure, I could wish for a function unset_potensial_header(pragma);
>
> I guess there are no way to remove theese unwanted headers?
> Yesterday I had to give up another problem, but luckily I
> found the answer here : http://bugs.php.net/bug.php?id=33057
>
> So to sum it up :
> How can I remove the Cache-Control and Pragma headers?
>
> And Im not looking for this answer :
> header('Pragma: ');
> header('Cache-control: ');
>
> The headers are still sendt, exept they are empty, doesnt look
> like a nice sollution for a production environment.
>
> Kind regards,
> Kim Steinhaug
> - - - - - - - - -
> www.steinhaug.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>

attached mail follows:

I have a database with two tables. One is a table of events and the
other is a table of locations. I'm creating a google map with the
table of locations and would like to list the events at each place.
I'm using mambo and the following query to get the data...

                $query2 = "SELECT #__places.*, #__events.title"
                . "\n FROM #__places, #__events"
                . "\n WHERE #__places.name = #__events.adresse_info"
                . "\n AND published='1'"
                . "\n ORDER BY ordering"
                ;

$database->setQuery( $query2 );
$rows = $database->loadObjectList();

This returns the variable $rows with all the data I need to plot the
points on the map and the titles of the events going on at each of
these places. $rows is an array containing objects of each row of
data. The problem I'm having is that some places have multiple events
and when I plot the points, it'll plot multiple points for those
places.

What I'd like to do is collapse the array $rows so that when the name
of a place is duplicated only the title of the event is added and not
all the other duplicate info. I feel like this may be possible either
through manipulation of the data in PHP or by using another sql query.
Any help would be greatly appreciated.

Here's some extra info in case you need it:

// The call used to map all the points
<?
$j = 0;
foreach ($rows as $row) {
?>

        var html = createHTML("<? echo "$row->name"; ?>", "<? echo
"$row->address"; ?>", "<? echo "$row->suburb"; ?>", "<? echo
"$row->state"; ?>", "<? echo "$row->postcode"; ?>");
        var point = new GPoint(<? echo "$row->lng"; ?>,<? echo "$row->lat"; ?>);
        var marker = createMarker(point, html);
        map.addOverlay(marker);
                <?
                if($sname == $row->name) {
                ?>
        marker.openInfoWindowHtml(html);

<?
}
}
?>

And here's the URL of the site

http://www.atlspecials.com/index.php?option=com_places&task=view&Itemid=17

--
David Pollack
DHPollackgmail.com

attached mail follows:

Quoting Rick Emery <rickemery.homelinux.net>:

> My employer has (finally) decided to take full advantage of our
> intranet, and wants to move from client-server applications to
> web-based applications.

[snipped]

> Any input would be greatly appreciated. Opinions are welcome
> (especially from programmers with experience in both), but I have to
> "sell" it to management (I'm already on the PHP side), so links to
> data or articles comparing the two are best.

Ugh, we're *never* going to make a decision. My boss just sent me this email:

"I read the following article and I wanted your feedback on it.
http://www.ukuug.org/events/linux2002/papers/html/php/#section_6. I
have read enough articles to know that the author can slant things one
way or another depending on their personal preferences. I am off to my
Dr?s appointment but I would like to discuss this with you when we both
get a chance. The last two sections are the primary concern. I do know
the article was written 3 years ago and that may have impact as well."

Anybody care to provide words of wisdom to me before I meet with her? I
hate doing this, as I'm sure everybody has better things to do, but I
*really* want to sell PHP.

Thanks in advance,
Rick
--
Rick Emery

"When once you have tasted flight, you will forever walk the Earth
with your eyes turned skyward, for there you have been, and there
you will always long to return"
-- Leonardo Da Vinci

attached mail follows:

[snip]
Anybody care to provide words of wisdom to me before I meet with her? I
hate doing this, as I'm sure everybody has better things to do, but I
*really* want to sell PHP.
[/snip]

6. When to Use PHP
[snip]
How much control will you have over the deployment platform? PHP's one-size-fits-all approach to the php.ini file makes it hard to share servers with sites that were developed with different settings.
[/snip]

This is no longer (or was never) the case as multiple php.ini's can be configured. Not only that multiple versions of PHP can be run on the same machine.

[snip]
How many people will work on the site, now and in the future? PHP as a language lacks the features necessary to promote effective teamwork; the bigger your team, the greater the problems you'll have.
[/snip]

Any effective CVS will let you manage this well, no matter the language.

[snip]
How big will the site be, in terms of numbers of distinct pages? This is related to the previous item: the bigger the site, the greater your need will be for language features that promote teamwork.
[/snip]

Bzzzt. Thanks for playing (Same as above)

[snip]
How long will the site be expected to last? The longer it lasts, the more likely it is that significant design changes will be needed. If you use PHP in the obvious manner, major design changes are difficult. If you extend PHP with a templating system, whether ad hoc or carefully enforced, using PHP buys you little if anything.
[/snip]

Now it becomes obvious that the author had never used or attempted to use PHP in a collaborative enterprise environment. The above statement I would consider false.

[snip]
How experienced are the developers; and how complex will the site need to be? Experienced developers will find themselves hindered rather than helped by the language's simplicity. Inexperienced developers will find the simplicity a significant boon - but if you have inexperienced developers trying to develop a complicated dynamic site, you will soon run into other problems.
[/snip]

Again, I find this comment to be unfounded. Experienced developers are able to do great things with PHP because of the wealth of functions and the flexibility allowed. Inexperienced developers can generally be brought along very quickly so that the cost/benefit analysis leans towards the plus side very quickly.

7. Conclusions
PHP is a convenient language for rapidly prototyping simple dynamic websites. Websites thus built can in many cases be deployed indefinitely, without spending time and money on refactoring code in a different language. PHP's simplicity makes it a good language for inexperienced programmers, such as those moving from a pure page-design rôle to a site development one.

[snip]
For more experienced developers, though, the language's simplicity rapidly turns into complexity, slowing down the development process. These developers are the ones who have the skills needed to build large and/or complex websites; using PHP for such sites therefore tends to be a net loss. This tendency is reinforced by PHP's lack of the linguistic features needed to promote working on large software projects. If your project is at all large or complex, it may be better to look elsewhere when choosing an implementation language.
[/snip]

Again, this is just not true and demonstrates the author's lack of working knowledge of the language and the deployment of the language at the time the article was written, much less today. We manage several millions of records each day with PHP in an enterprise situation and have no issue with complexity.

[snip]
In cases where PHP has been determined to be inappropriate, what language should be used? There is considerable choice here; few languages are as bad as PHP for doing serious development work. The author and his colleagues have had good results with Perl, and believe that languages such as C++, Java, and Python should serve equally well.
[/snip]

Again, the author demonstrates a completye lack of knowledge. PERL can be extremely complex, has a high learning curve, and lacks a certain finesse. All of the languages mentioned find their roots in C, including PHP. So the argument he makes here is a straw man arguement at best.

Seriously, several corporations world-wide are using PHP at an enterprise level (a much bally-hooed but particularly worthless term) each and every day.

attached mail follows:

On Mon, 2005-08-22 at 14:16, Rick Emery wrote:
>
> http://www.ukuug.org/events/linux2002/papers/html/php/#section_6

Wow, that sure is a crock of FUD bullshit. I'll answer in order of
appearance, I don't want to quote in case of copyright issues.

1. Most interesting settings in php.ini can be set via an apache
   virtual directory configuration or .htaccess override. So the point
   raised is moot. The settings you'll care about for multiple servers
   are usually "register_globals" and "magic_quotes". These are both
   controllable via this technique.

2. No language effectively promotes teamwork. This is why concurrent
   versioning systems like CVS exist. Now, some development environments
   promote teamwork, but again, they usually just employ their own
   versioning system... and many just provide hooks to a CVS repository
   itself.

3. Actually number of distinct pages suggest better teamwork since
   developers and content authors can work on different pages
   simultaneously. The code in the background if properly separated from
   the content will not affect development of content at all (except
   where bugs might occur :)

4. Using PHP buys you plenty. There is no language that enforces a
   programmer to adhere to specific principles of business logic and
   content separation when they are stupid, ignorant, or don't care. I
   personally recommend extending PHP with a templating language, but
   others will definitely argue otherwise... that's a question of
   personal taste. Either way, PHP buys you a massive developer base,
   the potential for an inexperience coder to quickly become competent,
   and lots and lots of free already written software you can use if you
   want. Again though, look what using VB in the past bought managers?
   The big headache of VB.net which wasn't compatible. So sounds like
   you may get screwed regardless. There's absolutely nothing that
   guarantees your future... it doesn't exist yet.

5. There are thousands and thousands of experienced developers out there
   using PHP. The sign of experience is not what language you use, but
   what you can do with a language. Personally I find PHP simple yet
   extremely powerful. I can't say I've ever felt hindered-- but then
   maybe I'm still inexperienced *grin*.

Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'

attached mail follows:

On Mon, 2005-08-22 at 14:51, Alan Fullmer wrote:
> So pardon me butting in on this conversation..
>
> I was completely unaware that you were able to do separate php.ini files.
>
> I did know you could do things through htaccess, etc. Is there a way to do
> this separately in http.conf? with virtual domains?

Probably, but I think you meant to respond to Jay Blanchard's post since
he's the one who said you can have multiple php.ini files :) I imagine
it might be possible in the httpd.conf but don't know since I've never
looked. Definitely you could run two webservers and use the proxy-pass
thingy like is done when running PHP4 and PHP5 on the same site.

attached mail follows:

On Mon, 2005-08-22 at 14:16, Rick Emery wrote:
>
> "I read the following article and I wanted your feedback on it.
> http://www.ukuug.org/events/linux2002/papers/html/php/#section_6. I

Just another small comment on this... It's interesting to note that the
author headlines the specific section as "When To Use PHP" and then goes
on to itemize why he thinks you shouldn't use PHP. This is classic FUD
based style since naturally readers jump to sections to see the pros and
cons of something. This guy set it up so that he covers the cons, but
when you jump to see the pros, he just summarizes his idea of the cons
again so readers think it's a lose/lose situation.

attached mail follows:

I've been coding in PHP since version 3 and I actually sold a
telecommunications company to use it for their HUGE intranet back in
2000 (right before they went out of business in North America). They
wanted to use Java and I talked them out of it for the simple fact that
PHP was so easy to use and ease to develop. The learning curve for PHP
vs. Java IMO was 10 times faster especially if you had people coming on
board that didn't really know OOP that well. PHP was the perfect
environment for people who do not have a lot of experience to learn a
language really fast. Even working in it now for 5 years becoming I
guess you could say an expert in PHP I find that really experienced
people in PHP can fly through code and create huge applications in no
time. Even those who have been programming in another language pick up
PHP in just a matter of days and begin to fly around it creating things
very quickly. Out of all my developer friends those who know PHP love
it because it is so easy. I have never once heard of an application
becoming too complex because of it's ease. That to me is just silly
ignorant talk. The guy who wrote that article about PHP obviously
don't know what he is doing and I would argue he was hired by Microsoft
to write something against it because as John Pina Craven said,
"innovation is the enemy of the status quo - it puts people out of
business." :)

You'll have to let us know what the final decision is.

jay

On Aug 22, 2005, at 1:16 PM, Rick Emery wrote:

> Quoting Rick Emery <rickemery.homelinux.net>:
>
>> My employer has (finally) decided to take full advantage of our
>> intranet, and wants to move from client-server applications to
>> web-based applications.
>
> [snipped]
>
>> Any input would be greatly appreciated. Opinions are welcome
>> (especially from programmers with experience in both), but I have to
>> "sell" it to management (I'm already on the PHP side), so links to
>> data or articles comparing the two are best.
>
> Ugh, we're *never* going to make a decision. My boss just sent me this
> email:
>
> "I read the following article and I wanted your feedback on it.
> http://www.ukuug.org/events/linux2002/papers/html/php/#section_6. I
> have read enough articles to know that the author can slant things one
> way or another depending on their personal preferences. I am off to my
> Dr?s appointment but I would like to discuss this with you when we
> both get a chance. The last two sections are the primary concern. I do
> know the article was written 3 years ago and that may have impact as
> well."
>
> Anybody care to provide words of wisdom to me before I meet with her?
> I hate doing this, as I'm sure everybody has better things to do, but
> I *really* want to sell PHP.
>
> Thanks in advance,
> Rick
> --
> Rick Emery
>
> "When once you have tasted flight, you will forever walk the Earth
> with your eyes turned skyward, for there you have been, and there
> you will always long to return"
> -- Leonardo Da Vinci
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

"Rick Emery" <rickemery.homelinux.net> wrote in message
news:20050822141632.zt8ggnk0nxwc8skowww.emery.homelinux.net...
> Quoting Rick Emery <rickemery.homelinux.net>:
>
>> My employer has (finally) decided to take full advantage of our intranet,
>> and wants to move from client-server applications to web-based
>> applications.
>
> [snipped]
>
>> Any input would be greatly appreciated. Opinions are welcome (especially
>> from programmers with experience in both), but I have to "sell" it to
>> management (I'm already on the PHP side), so links to data or articles
>> comparing the two are best.
>
> Ugh, we're *never* going to make a decision. My boss just sent me this
> email:
[snipped]
> Anybody care to provide words of wisdom to me before I meet with her? I
> hate doing this, as I'm sure everybody has better things to do, but I
> *really* want to sell PHP.

<Background Info>
I've been programming since around 1974. I've been using PHP for the past 5
(or so) years. I've always used PHP in conjunction with a MySQL database.
I've used PHP/MySQL for two public websites, that are still running nicely
today.
</Background Info>

I'm currently using PHP/MySQL for an internal-use-only database. Some of
the statistics of this internal-website are as follows:

The actual PHP source code is over 668KB in size.
There are 50 tables in the database, using over 4MB of disk space.
The largest table has over 20,000 records in it.
In the past week, MySQL has had the following stats:
471MB of traffic
500,000 queries

This internal-website is used by our customer service center, as well as our
Sales team. It is easy to maintain or upgrade.

DanB

PS: The application we sell is written in C++.

attached mail follows:

[snip]
...tons of good stuff...
[/snip]

As long as we are doing stats;

tblClass10 187,607,026 MyISAM 54.4 GB
tblClass11 293,357,128 MyISAM 136.0 GB
20 table(s) Sum 500,681,774 -- 202.4 GB

This is fun, on a BSD box, w/dual Xeon processors...ALL report handling
and processing of records in PHP and you are reading correctly....half a
billion records measuring 203 Gigs with anywhere from 1.2 to 1.9 million
records added per night. There is more where this came from.

attached mail follows:

Ave,

Solved it!
Echoing the results out instead of trying out Queries really helped. What I
was basically doing wrong was, I did create an Array for the Values, but I
needed to also create an Array for the ID's for each records, which I
hadn't.

This is the code I used for generating the Select List for each row:

And this is my Query:

        for($i=0;$i<count($hired);$i++) {
        $sql = "UPDATE contactdata SET hired='$hired[$i]' WHERE
ID='$thisID[$i]'";
        $result = mysql_query($sql) or DIE("Fatal Error: ".mysql_error());
        }

Thanks Jay...

On 8/22/05 9:57 AM, "Jay Blanchard" <jay.blanchardniicommunications.com>
wrote:

> [snip]
> register_globals are On.
> I think the problem lies in the fact that I'm trying to update multiple
> rows
> in the table, I'm not sure that my query with the UPDATE statement is
> updating all the rows with what is being set in the value of the Form
> Field.
>
> I'm not sure.
> [/snip]
>
> Echo the query before you run it to make sure that the values are what
> you expect...
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Rahul S. Johari
Coordinator, Internet & Administration
Informed Marketing Services Inc.
251 River Street
Troy, NY 12180

Tel: (518) 266-0909 x154
Fax: (518) 266-0909
Email: rahulinformed-sources.com
http://www.informed-sources.com

attached mail follows:

Hi People,

I want to use a PHP script to pass through a file to the browser [ right
after some processing ].
What is the fastest way to do this? I know
echo(file_get_contents('myfile')); is not a good idea ;)

Is fpassthrough the right choice?
maybe virtual, so it won't go through php but apache does the job?
there's also readfile

Another question, how seriously does this affect the performance in
comparison to let apache handle it. Is the difference big at MB+ files?
or only significant when dealing with a lot of tiny files?

Thanks for your help!
Evert

attached mail follows:

This one time, at band camp, Evert | Rooftop <evertrooftopsolutions.nl> wrote:

> What is the fastest way to do this? I know
> echo(file_get_contents('myfile')); is not a good idea ;)

Why not?

Kevin
--
"Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote."

attached mail follows:

>> What is the fastest way to do this? I know
>> echo(file_get_contents('myfile')); is not a good idea ;)
>
> Why not?

My guess would be because file_get_contents returns the contents as a
string. So if 'myfile' is 100mb, you're going to have to allocate 100mb
of memory to store that string while echo() spits it back out.

But I'm just guessing as I don't know for sure...

-philip

attached mail follows:

This one time, at band camp, Philip Hallstrom <phpphilip.pjkh.com> wrote:

> My guess would be because file_get_contents returns the contents as a
> string. So if 'myfile' is 100mb, you're going to have to allocate 100mb
> of memory to store that string while echo() spits it back out.
>
> But I'm just guessing as I don't know for sure...

I think you got it, we really dont have enough information on what he
has in myfile.txt

Kevin

"Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote."

attached mail follows:

Hi John,

//////////////[snip]
> You probably want to move into the relm of array's. For each one of your
> checkboxes, you can do this...
>
> <input type="checkbox" name="InterestedNumber[]" value="1-877-HOMECASH">
/////////////[/snip]

I did look up ARRAY. I just didn't understand how I can insert a table(
"InterestedNumber") in an arrey so I could put something like this for form
processing:
------------------------------------------------------
<?
foreach($HTTP_GET_VARS as $indx => $value) {
${$indx}=$value;
}
foreach($HTTP_POST_VARS as $indx => $value) {
${$indx}=$value;
}
if($sendmessage == "yes"){

$todaytime = date("F j, Y, g:i a");

$mailTo = "cghoshprimarywave.com";
....
$mailBody .= "Main Activities: $activities\n\n";
$mailBody .= "SelectedNumber: $SelectedNumber\n"; //////I am thinking this
is where I should put the Array??/////
$mailBody .= "Comments: $comments\n\n\n";
$mailBody .= "$todaytime";

$mailHeaders = "From: contactprimarywavemedia.com\n";

mail($mailTo, $mailSubject, $mailBody, $mailHeaders);

print "<CENTER><H2>Thank You</H2></CENTER>";

}else{

$_num = new number();
$_num->init();

$number = $_num->num_info[number];

?>
---------------------------------------------------

The PAGE I am testing is
http://www.primarywave.com/BrokerOutpost_ContNAGHAM.php

Thanks for the help,

----- Original Message -----
From: "John Nichel" <johnkegworks.com>
To: <php-generallists.php.net>
Sent: Monday, August 15, 2005 12:58 PM
Subject: Re: [PHP] PHP Printing Error Help

> Chirantan Ghosh wrote:
>> Hi John,
>>
>> I put each check box with name & tried to get the values as I get of
>> Name, etc.
>> Somehow it didn't send that info so, now I tried to get the info of the
>> whole TABLE named "InterestedNumber"(which contains all check boxes)
>>
>> <?
>> //////after all codes////
>> $mailBody .= "Full Name: $name\n";
>> ...
>> $mailBody .= "Company Info: $Company Info\n";
>> $mailBody .= "Interested Numbers: $InterestedNumber\n";
>> $mailBody .= "Interested Area: $InterestedArea\n";
>> $mailBody .= "Comments: $comments\n\n\n";
>> $mailBody .= "$todaytime";
>>
>> /////// THIS is where I put in the check box////
>>
>> How ever the main problem for me is "Interested Numbers:
>> $InterestedNumber\n"; part where I have no clue what "\n" stands for OR
>> why is it repeated in the "Comments" section.
>>
>> The page is http://www.primarywave.com/BrokerOutpost_Contact.htm you can
>> see the source code if you like.
>>
>> Thanks a lot for the input,
>> C
>
> The "\n" is just a new line.
>
> Your checkboxes are all named things like "1-877-HOMECASH" and
> "1-877-APPLY NOW", so '$InterestedNumber' isn't going to have any of their
> values.
>
> You probably want to move into the relm of array's. For each one of your
> checkboxes, you can do this...
>
> <input type="checkbox" name="InterestedNumber[]" value="1-877-HOMECASH">
> <input type="checkbox" name="InterestedNumber[]" value="1-877-APPLY NOW">
>
> So on, and so forth. By naming them in this way, it will pass the value
> to your form processor as a numerical array of all the selected items.
> When you want to process it, just loop thru the array.
>
> http://us2.php.net/manual/en/language.types.array.php
>
> --
> John C. Nichel
> ÜberGeek
> KegWorks.com
> 716.856.9675
> johnkegworks.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

I'm authoring a web app, and I want to use some AJAX functionality.

The users log in via PHP, and they are verified page to page by a
session variable (which stores their username).

I want to write some PHP that alters a database, but I want to be sure
that only authorized users can access the page, and that they can only
delete items associated with their username (in the table).

I want to have javascript asynchronously call the php page, but I don't
know how to protect this page. I don't think I can rely on my session
variable, because the user won't be directly calling the page.

I don't want user A to be able to submit a request to delete an item
belonging to user B. How can I secure this setup while still using AJAX?

Thanks,
Bret

attached mail follows:

I have done this quite a few times lately, you shouldn't
worry. Just have your session_start() and login security
on the pages that you access with javascript aswell, they
will have the same security as any other page.

The sessionID is used for all requests to the server
from the webbrowser, also from within a page from
javascript. Which again means that you can use your
validation scheeme on theese files aswell.

As a side note, if your on a page the user spends much time
on, having some Ajax functionality accually works like a
little heartbeat / pulse, resetting the session time
so that the user infact can spend more time on the same
webpage without having to do some movement, :D

regards,
Kim Steinhaug
- - - - - - -
www.steinhaug.com

----- Original Message -----
From: "Bret Walker" <bret-walkernorthwestern.edu>
To: "PHP-Users" <php-generallists.php.net>
Cc: "Ivan Meyers" <imeyersnorthwestern.edu>
Sent: Monday, August 22, 2005 9:57 PM
Subject: [PHP] AJAX coding and Sesisons

> I'm authoring a web app, and I want to use some AJAX functionality.
>
> The users log in via PHP, and they are verified page to page by a
> session variable (which stores their username).
>
> I want to write some PHP that alters a database, but I want to be sure
> that only authorized users can access the page, and that they can only
> delete items associated with their username (in the table).
>
> I want to have javascript asynchronously call the php page, but I don't
> know how to protect this page. I don't think I can rely on my session
> variable, because the user won't be directly calling the page.
>
> I don't want user A to be able to submit a request to delete an item
> belonging to user B. How can I secure this setup while still using AJAX?
>
> Thanks,
> Bret
>

attached mail follows:

MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 22 Aug 2005 15:02:36 -0500
Message-ID: <C8F323573C030A448F3E5A2B6FE2070B08EB980C

nemesis>
From: "Jay Blanchard" <jay.blanchard

niicommunications.com>
To: <php-general

lists.php.net>
Subject: [PHP] [NEWBIE GUIDE] For the benefit of new members

=========================================================
Please feel free to add more points and send to the list.
20050322jb - Note the new location of PHP Editors list.
=========================================================

1. If you have any queries/problems about PHP try
http://www.php.net/manual/en first. You can download a copy and use it
offline also.

Please also try http://www.php.net/manual/faq.php for answers to
frequently answered questions
about PHP (added by Christophe Chisogne).

2. Try http://www.google.com next. Searching for "php YOUR QUERY" may
fetch you relevant
information within the first 10 results.

3. There is a searchable archive of the mailing list discussion at
http://phparch.com/mailinglists. Many of the common topics are discussed
repeatedly, and you may get answer to your query from the
earlier discussions.

For example: One of the repeatedly discussed question in the list is
"Best PHP editor". Everyone has his/her favourite editor. You can get
all the opinions by going through the list archives. If you want a
chosen list try this link :
http://www.thelinuxconsultancy.co.uk/phpeditors.php
(contributed by Christophe Chisogne).

4. Not sure if PHP is working or you want find out what extensions are
available to
you?

Just put the following code into a file with a .php extension and access
it through your
webserver:

<?php
phpinfo();
?>

If PHP is installed you will see a page with a lot of information on it.
If PHP is not installed (or not working correctly) your browser will try
to download the file.
(contributed by Teren and reworded by Chris W Parker)

5. If you are stuck with a script and do not understand what is wrong,
instead of posting
the whole script, try doing some research yourself. One useful trick is
to print the variable/sql query using print or echo command and check
whether you get what you expected.

After diagnosing the problem, send the details of your efforts
(following steps 1, 2 & 3) and ask for help.

6. PHP is a server side scripting language. Whatever processing PHP does
takes place BEFORE the output reaches the client. Therefore, it is not
possible to access users' computer related information (OS, screen size
etc) using PHP. Nor can you modify any the user side settings. You need
to go for JavaScript and ask the question in a JavaScript list.

On the other hand, you can access the information that is SENT by the
user's browser when a client requests a page from your server. You can
find details about browser, OS etc as reported by
this request.
(contributed by Wouter van Vliet and reworded by Chris W Parker.)

7. Provide a clear descriptive subject line. Avoid general subjects like
"Help!!", "A Question" etc. Especially avoid blank subjects.

8. When you want to start a new topic, open a new mail composer and
enter the mailing list address php-generallists.php.net instead of
replying to an existing thread and replacing the subject and body with
your message.

9. It's always a good idea to post back to the list once you've solved
your problem. People usually add [SOLVED] to the subject line of their
email when posting solutions. By posting your solution you're helping
the next person with the same question.
[contribued by Chris W Parker]

10. Ask smart questions http://catb.org/~esr/faqs/smart-questions.html
[contributed by Jay Blanchard)

11. Do not send your email to the list with attachments. If you don't
have a place to upload your code, try the many pastebin websites (such
as www.pastebin.com).
(contributed by Burhan Khalid)

12. Although the following suggestions have been known to be debatable
they should help you in general internet mailing list 'netiquette';

a. Please do not top post as it is hard to follow. If you are unfamiliar
with the concept it is the posting of the reply ABOVE the thing that is
being replied to.

b. Where possible trim your posts so that only relevant portions of the
message are being discussed. Replies that become too lengthy are likely
to be ignored.

Following these guidelines will ensure that you get effective responses
from the list members. Otherwise, your questions might not be answered.

===============================================
Hope you have a good time programming with PHP.
===============================================

attached mail follows:

Assuming that you are running a web app then, I concour with Richard.

If however you are talking about a client in a more traditional sense,
in that you have a specific client application, then that client
application could get the computers hard disk, in the same way as any
other application could.

In Linux, they can simply parse files like /proc/cpuinfo, or something
like that.

Why exactly do you want to do this?

On 8/22/05, Richard Lynch <ceol-i-e.com> wrote:
> On Fri, August 19, 2005 9:55 pm, Saenal M wrote:
> > Can we get information about hardware on client's PC. (e.g. hard disk,
> > processor, keyboard, etc).? And How?
> > anyone knows? please reply back.
>
> Not only is it not possible, most of that information is NONE OF YOUR
> DAMN BUSINESS!!! :-)
>
> You can assume that if the browser is sending the headers to indicate
> that I prefer French, then I probably have a keyboard that makes
> French characters.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

Richard Lynch wrote:
> On Sun, August 21, 2005 3:04 pm, Murray PlanetThoughtful wrote:
>
>>I have a series of thumbnails on my site of photos I've taken that are
>>all
>>150px in width, but of variable height. I want to randomly display one
>>of
>>the thumbnails each time the home page of my site is loaded in a
>>column that
>>is 140px wide.
>>
>>I'm wondering if anyone can point me at some code that would achieve
>>this?
>>All of the thumbnails are in jpg format.
>>
>>So, essentially, I'm trying to resize the thumbnails down to 140px
>>wide
>>while maintaining the aspect ratio of the image's height.
>
>
> The scaling is easy.
>
> It's getting the damn browsers not to screw up that's hard :-)
>
> Actually, a cheap and easy way would be to just use:
> <img src="/image150.jpg" width="140">
>
> The penalties are:
> 1. The browser downloads a 150x??? image which is a TINY bit larger
> than 140x???, but, really, this is negligible.
>
> 2. The browser has to scale the image, and that's "slow" if it's a
> really really old slow computer.
>
>
> But, to do it "right" server-side.
>
> 1. Edit a .htaccess file and add this to it:
> <Files thumbnail>
> ForceType application/x-httpd-php
> </Files>
>
> This informs Apache that your 'thumbnail' file is REALLY a PHP file,
> even without the .php on the end.
>
> 2. Put this in 'thumbnail':
>
> <?php
> //Untested...
> $path = "/full/hard/drive/directory/path/to/your/images/";
> $image = imagecreatefromjpeg(filename($path . $_SERVER['PATH_INFO']));
> $width = imagesx($image);
> $height = imagesy($image);
> $new_width = 140;
> $new_height = round(140 * $height/$width);
> $new_image = imagecreatetruecolor($new_width, $new_height);
> // resource dst_image, resource src_image, int dst_x, int dst_y, int
> src_x, int src_y, int dst_w, int dst_h, int src_w, int src_h
> imagecopyresamples($new_image, $image, 0, 0, 0, 0, $new_width,
> $new_height, $width, $height);
> ob_start();
> imagejpeg($new_image);
> $data = ob_get_contents();
> ob_end_clean();
> header("Content-type: image/jpeg");
> header("Content-length: " . strlen($data));
> echo $data;
> ?>
>
> Now, to use this script, make an IMG tag like:
>
> <img src="thumbnail/original150image.jpg" width="140">
>
> The browser will never know the image is dynamic, nor that you are
> using PHP, and that's the way you want it.
>

Hello, Richard -

Would the abovementioned use of ForceType also allow one to produce an
image given an HTTP GET query? I was tinkering around with something in
the past where I wanted to implement something such as:

Would what you suggest force the server to return an image for that
given URL, so that the img src specification listed above will work?

Thanks!
-dant

attached mail follows:

Dan Trainor wrote:
> Would the abovementioned use of ForceType also allow one to produce an
> image given an HTTP GET query? I was tinkering around with something in
> the past where I wanted to implement something such as:
>
> <img src="http://example.com/myscript.php?site=1&image=2&something=3">
>
> Would what you suggest force the server to return an image for that
> given URL, so that the img src specification listed above will work?
>

From myscript.php in the